CVE-2023-5846 - OpenCVE

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Franklinfueling	Ts-550 Evo Ts-550 Evo Firmware

Configuration 1 [-]

AND

cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-11-02T16:47:40.389Z

Updated: 2023-11-02T16:47:40.389Z

Reserved: 2023-10-30T16:24:03.097Z

Link: CVE-2023-5846

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-02T17:15:11.747

Modified: 2023-11-09T20:41:19.543

Link: CVE-2023-5846

JSON object: View

Redhat Information

No data.

CWE

CWE-916

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5846", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-10-30T16:24:03.097Z", "datePublished": "2023-11-02T16:47:40.389Z", "dateUpdated": "2023-11-02T16:47:40.389Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TS-550", "vendor": "Franklin Fueling System", "versions": [{"lessThan": "1.9.23.8960", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n"}], "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>"}], "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C746FABA-E991-4646-9551-0038FB1D51A6", "versionEndExcluding": "1.9.23.8960", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*", "matchCriteriaId": "42AF9F76-7481-4621-B002-510053E61A7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones del Franklin Fueling System TS-550 anteriores a la 1.9.23.8960 son vulnerables a que los atacantes descifren las credenciales de administrador, lo que da como resultado un acceso no autenticado al dispositivo."}], "id": "CVE-2023-5846", "lastModified": "2023-11-09T20:41:19.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-11-02T17:15:11.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}